#!/usr/bin/env bash
# Strict mode, spelled out in long form:
#   errtrace (-E)  ERR traps are inherited by functions and subshells
#   errexit  (-e)  abort on an unhandled non-zero status
#   nounset  (-u)  expanding an unset variable is an error
#   pipefail       a pipeline fails if any stage fails
set -o errtrace -o errexit -o nounset -o pipefail
# ChatGPT wrote almost 100% of this, with minor edits
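#######################################
# Create the application's writable directories and hand ownership of them
# (recursively) to the runtime identity. Called from the root branch of this
# script before privileges are dropped.
# Globals:   PUID, PGID (read)
# Arguments: none
# Returns:   status of the last chown; under the script's errexit a failing
#            mkdir or chown aborts startup
#######################################
fix_permissions() {
  local path
  for path in /app/config /app/cache /app/logs /app/plugins /tmp; do
    mkdir -p "$path"
    # These trees are writable by the unprivileged application, so they may
    # contain symlinks it created on an earlier run. -h makes "change the link
    # itself, never its target" explicit instead of relying on the recursive
    # default of whichever chown implementation the image ships. `--` keeps an
    # odd PUID value from being parsed as an option.
    chown -hR -- "${PUID}:${PGID}" "$path"
  done
}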
#######################################
# Make the APP_USER group and account match the requested PGID and PUID,
# creating either one if it does not exist yet.
# Globals:   APP_USER, PUID, PGID (read)
# Arguments: none
# Notes:     every shadow-utils call passes -o, so the requested ID may
#            duplicate one already present in the image; the resulting
#            account is then an alias of that existing ID.
#######################################
remap_user_group() {
  local gid_now uid_now

  # Group: create it when missing, otherwise renumber only on mismatch.
  if ! getent group "${APP_USER}" >/dev/null 2>&1; then
    groupadd -o -g "${PGID}" "${APP_USER}"
  else
    gid_now="$(getent group "${APP_USER}" | cut -d: -f3)"
    if [[ "${gid_now}" != "${PGID}" ]]; then
      groupmod -o -g "${PGID}" "${APP_USER}"
    fi
  fi

  # User: create a home-less, login-less account when missing.
  if ! id -u "${APP_USER}" >/dev/null 2>&1; then
    useradd -o -u "${PUID}" -g "${PGID}" -d /app -s /sbin/nologin -M "${APP_USER}"
    return
  fi

  uid_now="$(id -u "${APP_USER}")"
  if [[ "${uid_now}" == "${PUID}" ]]; then
    # UID already correct: re-point the primary group only. This call is
    # best-effort; its output and exit status are deliberately discarded.
    usermod -g "${PGID}" "${APP_USER}" >/dev/null 2>&1 || true
  else
    usermod -o -u "${PUID}" -g "${PGID}" "${APP_USER}"
  fi
}
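# Entry flow: when started as root, remap the service account to the requested
# IDs, fix ownership of the writable paths, then drop privileges and hand over
# to /app/start.sh. When started as any other user, run /app/start.sh as-is.
if [[ "$(id -u)" == "0" ]]; then
  # Validate the inputs before anything is changed as root. Without this, a
  # missing or malformed value only surfaces part-way through the remap,
  # after the group or account database has already been modified.
  : "${APP_USER:?APP_USER must be set when the container starts as root}"
  : "${PUID:?PUID must be set when the container starts as root}"
  : "${PGID:?PGID must be set when the container starts as root}"
  if ! [[ "${PUID}" =~ ^[0-9]+$ && "${PGID}" =~ ^[0-9]+$ ]]; then
    echo "PUID and PGID must be numeric IDs (got PUID=${PUID} PGID=${PGID})" >&2
    exit 1
  fi
  if [[ "${APP_USER}" == -* ]]; then
    # A leading dash would be parsed as an option by getent/groupadd/useradd.
    echo "APP_USER must not start with '-' (got ${APP_USER})" >&2
    exit 1
  fi
  if [[ "${PUID}" =~ ^0+$ ]]; then
    # Startup still proceeds, but the operator should know that the privilege
    # drop below does not change the effective user in this configuration.
    echo "WARNING: PUID=0 requested; the application will keep running as root" >&2
  fi

  echo "Running as root, enabling UID/GID remap"
  echo "APP_USER=${APP_USER} PUID=${PUID} PGID=${PGID}"
  remap_user_group
  fix_permissions

  # Drop to the target IDs (real and effective) and discard root's
  # supplementary groups before the application starts.
  # NOTE(review): if start.sh and the application never need setuid helpers,
  # consider also passing setpriv's --no-new-privs here. Confirm first.
  exec setpriv \
    --reuid="${PUID}" \
    --regid="${PGID}" \
    --clear-groups \
    /app/start.sh "$@"
  # No explicit exit is needed after this point: a successful exec replaces
  # this shell process, so control never falls through to the non-root path.
fi

echo "Running as non-root ($(id -u):$(id -g)), skipping remap"
exec /app/start.sh "$@"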